[Serusers] Onsip.org ser.cfg + pstn + uac - can't authenticate on gateway
Cameron Beattie
kjcsb at orcon.net.nz
Mon Jun 13 21:38:04 CEST 2005
I am trying the get the uac module working with the onsip.org ser.cfg (the
pstn + mediaproxy version). I think the problem is related to the
authentication on the gateway device. It doesn't seem to be challenging SER.
Below is the SIP traffic and then the ser.cfg file. Any suggestions would be
appreciated. For information, the gateway (198.22.67.70) is provided by
Nufone.net and is an Asterisk server, I believe.
Thanks in advance for any advice.
Regards
Cameron
U 147.202.xx.xxx:5060 -> 60.234.xxx.xxx:5060
SIP/2.0 100 trying -- your call is important to us..Via: SIP/2.0/UDP
192.168.0.11:5060;branch=z9hG4bK-fff17e3f;rport=5060;received=60.234
.xxx.xxx..From: <sip:user1 at mydomain.com>;tag=f9493da2f8a6d10ao0..To:
<sip:00442070800000 at mydomain.com>..Call-ID: ce674b
82-e2fd1caa at 192.168.0.11..CSeq: 102 INVITE..Server: Sip EXpress router
(0.9.2 (i386/linux))..Content-Length: 0..Warning: 392 147.202.xx.xxx:5060
"Noisy feedback tells: pid=6752 req_src_ip=60.234.xxx.xxx req_src_port=5060
in_uri=sip:00442070800000 at mydomain.com out_uri
=sip:00442070800000 at 198.22.67.70 via_cnt==1"....
##
U 147.202.xx.xxx:5060 -> 198.22.67.70:5060
INVITE sip:00442070800000 at 198.22.67.70 SIP/2.0..Record-Route:
<sip:00442070800000 at 147.202.xx.xxx:5060;nat=yes;ftag=f9493da2f8a6d10ao0;lr=on>.
.Via: SIP/2.0/UDP 147.202.xx.xxx;branch=z9hG4bK8b0a.2871d5c2.0..Via:
SIP/2.0/UDP 192.168.0.11:5060;rport=5060;received=60.234.xxx.xxx;bran
ch=z9hG4bK-fff17e3f..From:
<sip:user1 at mydomain.com>;tag=f9493da2f8a6d10ao0..To:
<sip:00442070800000 at mydomain.com>..Cal
l-ID: ce674b82-e2fd1caa at 192.168.0.11..CSeq: 102 INVITE..Max-Forwards:
16..Contact: <sip:user1 at 60.234.xxx.xxx:5060>..Expires: 240..User-
Agent: Sipura/SPA3000-3.1.3(GWa)..Content-Length: 424..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported: x-sipura
..Content-Type: application/sdp....v=0..o=- 757701 757701 IN IP4
192.168.0.11..s=-..c=IN IP4 147.202.xx.xxx..t=0 0..m=audio 35026 RTP/AVP
0 2 4 8 18 96 97 98 100 101..a=rtpmap:0 PCMU/8000..a=rtpmap:2
G726-32/8000..a=rtpmap:4 G723/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:18 G729
a/8000..a=rtpmap:96 G726-40/8000..a=rtpmap:97 G726-24/8000..a=rtpmap:98
G726-16/8000..a=rtpmap:100 NSE/8000..a=rtpmap:101 telephone-event
/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
#
U 147.202.xx.xxx:5060 -> 60.234.xxx.xxx:5060
SIP/2.0 500 I'm terribly sorry, server error occurred (1/SL)..Via:
SIP/2.0/UDP 192.168.0.11:5060;branch=z9hG4bK-fff17e3f;rport=5060;recei
ved=60.234.xxx.xxx..From:
<sip:user1 at mydomain.com>;tag=f9493da2f8a6d10ao0..To:
<sip:00442070800000 at mydomain.com>;tag=66
9cac32ae43cfbf664b867e0fb4dd5a.572f..Call-ID:
ce674b82-e2fd1caa at 192.168.0.11..CSeq: 102 INVITE..Server: Sip EXpress router
(0.9.2 (i386/l
inux))..Content-Length: 0..Warning: 392 147.202.xx.xxx:5060 "Noisy
feedback tells: pid=6752 req_src_ip=60.234.xxx.xxx req_src_port=5060 i
n_uri=sip:00442070800000 at mydomain.com
out_uri=sip:00442070800000 at 198.22.67.70 via_cnt==1"....
##
U 198.22.67.70:5060 -> 147.202.xx.xxx:5060
SIP/2.0 404 Not Found..Via: SIP/2.0/UDP
147.202.xx.xxx;branch=z9hG4bK8b0a.2871d5c2.0..Via: SIP/2.0/UDP
192.168.0.11:5060;received=60.234.
xxx.xxx;branch=z9hG4bK-fff17e3f..From:
<sip:user1 at mydomain.com>;tag=f9493da2f8a6d10ao0..To:
<sip:00442070800000 at mydomain.com>;tag=as40c6caec..Call-ID:
ce674b82-e2fd1caa at 192.168.0.11..CSeq: 102 INVITE..User-Agent: Asterisk
PBX..Allow: INVITE, ACK, CANCEL, O
PTIONS, BYE, REFER, NOTIFY..Contact:
<sip:00442070800000 at 198.22.67.70>..Content-Length: 0....
#
U 147.202.xx.xxx:5060 -> 198.22.67.70:5060
ACK sip:00442070800000 at 198.22.67.70 SIP/2.0..Via: SIP/2.0/UDP
147.202.xx.xxx;branch=z9hG4bK8b0a.2871d5c2.0..From:
<sip:user1 at mydomain.com>;tag=f9493da2f8a6d10ao0..Call-ID:
ce674b82-e2fd1caa at 192.168.0.11..To:
<sip:00442070800000 at mydomain.com>;tag=as40c6caec.
.CSeq: 102 ACK..User-Agent: Sip EXpress router(0.9.2
(i386/linux))..Content-Length: 0....
My ser.cfg is below:
debug=3
fork=yes
#fork=no
log_stderror=yes
check_via=no
dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://user:password@localhost/ser"
sock_mode=0666
#fifo_mode=0666
#fifo_user=root
listen=147.202.xx.xxx
port=5060
children=4
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/avpops.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/permissions.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/uac.so"
modparam("auth_db|permissions|uri_db|usrloc|acc", "db_url", "mysql://
user:password @localhost/ser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 0)
modparam("mediaproxy","natping_interval", 30)
modparam("mediaproxy","mediaproxy_socket", "/var/run/mediaproxy.sock")
modparam("mediaproxy","sip_asymmetrics","/usr/local/etc/ser/sip-clients")
modparam("mediaproxy","rtp_asymmetrics","/usr/local/etc/ser/rtp-clients")
modparam("usrloc", "db_mode", 2)
modparam("registrar", "nat_flag", 6)
modparam("rr", "enable_full_lr", 1)
modparam("tm", "fr_inv_timer", 27)
modparam("tm", "fr_inv_timer_avp", "inv_timeout")
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 3)
modparam("uac","credential","user:asterisk:password")
route {
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too Many Hops");
break;
};
if (msg:len > max_len) {
sl_send_reply("513", "Message Overflow");
break;
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method=="INVITE" && client_nat_test("3")) {
record_route_preset("147.202.xx.xxx:5060;nat=yes");
# insert IP address
} else if (method!="REGISTER") {
record_route();
};
# -----------------------------------------------------------------
# Call Tear Down Section
# -----------------------------------------------------------------
if (method=="BYE" || method=="CANCEL") {
setflag(1);
end_media_session();
};
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
if (loose_route()) {
if (has_totag() && (method=="INVITE" ||
method=="ACK")) {
if (client_nat_test("3") ||
search("^Route:.*;nat=yes")) {
setflag(6);
use_media_proxy();
};
};
route(1);
break;
};
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri!=myself) {
route(5);
route(1);
break;
};
if (uri==myself) {
if (method=="ACK") {
route(6);
break;
} else if (method=="CANCEL") {
route(3);
break;
} else if (method=="INVITE") {
route(3);
break;
} else if (method=="REGISTER") {
route(2);
break;
};
lookup("aliases");
if (uri!=myself) {
route(5);
route(1);
break;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
break;
};
};
route(1);
}
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
sl_send_reply("100", "Trying");
if (!search("^Contact: \*") && client_nat_test("7")) {
setflag(6);
fix_nated_register();
force_rport();
};
if (!www_authorize("","subscriber")) {
www_challenge("","0");
break;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
break;
};
consume_credentials();
if (!save("location")) {
sl_reply_error();
};
}
route[3] {
# -----------------------------------------------------------------
# CANCEL and INVITE Message Handler
# -----------------------------------------------------------------
if (client_nat_test("3")) {
setflag(7);
force_rport();
fix_nated_contact();
};
if (method=="INVITE" && !allow_trusted()) {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
break;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
break;
};
consume_credentials();
};
lookup("aliases");
if (uri!=myself) {
route(5);
route(1);
break;
};
if (uri=~"^sip:[+|00][0-9]*@") { # International PSTN
route(4);
break;
};
if (!lookup("location")) {
if (uri=~"^sip:[0-9]{8}@") { # Domestic PSTN
route(4);
break;
};
sl_send_reply("404", "User Not Found");
break;
};
if (method=="CANCEL") {
route(1);
break;
};
setflag(1);
setflag(3);
route(5);
route(1);
}
route[4] {
# -----------------------------------------------------------------
# PSTN Handler
# -----------------------------------------------------------------
avp_write("i:45", "inv_timeout");
route(5);
t_on_failure("4");
resetflag(8);
t_relay_to_udp("198.22.67.70","5060");
route(1);
}
route[5] {
# -----------------------------------------------------------------
# RTP Proxy Enabler
# -----------------------------------------------------------------
if (isflagset(6) || isflagset(7)) {
use_media_proxy();
};
}
route[6] {
# ------------------------------------------------------------------------
# ACK Handler
# ------------------------------------------------------------------------
# ------------------------------------------------------------------------
# Aliases Section
# ------------------------------------------------------------------------
lookup("aliases");
if (uri!=myself) {
route(1);
break;
};
lookup("location");
route(1);
}
onreply_route[1]
{
if ((isflagset(6) || isflagset(7)) &&
(status=~"(180)|(183)|2[0-9][0-9]")) {
if (!search("^Content-Length:\ 0")) {
use_media_proxy();
};
};
if (client_nat_test("1")) {
fix_nated_contact();
};
}
failure_route[5]
{
if (t_check_status("401|407"))
{
if (isflagset(8))
{
t_reply("503","Auth failed");
break;
}
if (uac_auth())
{
setflag(8);
t_on_failure("5");
append_branch();
t_relay();
}
}
}
More information about the sr-users
mailing list